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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims: 

1 . (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a system for combating online fraud, the system comprising: 
a monitoring center for monitoring a suspicious email activity, the monitoring center 
comprising: 

a first computer, the first computer comprising instructions executable by the first 
computer to allow an analysis of an investigation of a uniform resource locator; 

a first telecommunication link configured to provide communication between a 
technician and the customer, such that the technician can notify the customer of a 
result of the investigation of a uniform resource locator and the customer can 
provide instructions for responding to a fraudulent attempt to collect personal 
information; and 

a second telecommunication link configured to provide data communication between 
the monitoring center and at least one additional computer; and 
a second computer in communication with the monitoring center via the second 

telecommunication link, the second computer including instructions executable by the 
second computer to: 

gather an incoming email message, the incoming email message comprising a 

uniform resource locator; 
analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email 
message as a possibly fraudulent email message; and 

investigate the uniform resource locator included in the incoming email message to 
determine whether a location referenced by the incoming email message is 
associated with a fraudulent attempt to collect personal information, information. 
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wherein the instructions executable to investigate the uniform resource locator 
comprise instructions to: 

download at least one web page from the server referenced by the uniform 

resource locator; and 
analyze the at least one web page to determine whether the at least one web 
page comprises a data collection mechanism for allowing a user to provide 
personal information to the server referenced by the at least one uniform 
resource locator. 

2. (Original) A system for combating online fraud as recited in claim 1, 



wherein the first computer comprises further instructions executable by the first computer to 
analyze an investigation of a uniform resource locator. 



wherein the first computer comprises further instructions executable by the first computer to 
allow a technician to analyze an investigation of a uniform resource locator. 



provider and a customer, a computer system for combating online fraud, the computer system 
comprising: 

a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 



gather an incoming email message, the incoming email message comprising a 

uniform resource locator; 
analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email 
message as a possibly fraudulent email message; 



3. 



(Original) A system for combating online fraud as recited in claim 1 , 



4. 



(Currently Amended) In a relationship between a fraud protection 
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investigate the uniform resource locator included in the incoming email message to 
determine whether a location referenced by the incoming email message is 
associated with a fraudulent attempt to collect personal information; and 

initiate a response to the fraudulent attempt to collect personal information. 
information; 

wherein investigating the uniform resource locator comprises: 

downloading at least one web page from the server referenced by the uniform 

resource locator; and 
analyzing the at least one web page to determine whether the at least one web page 
comprises a data collection mechanism for allowing a user to provide personal 
information to the server referenced by the at least one uniform resource locator. 

5. (Currently Amended) A computer system for analyzing a suspicious 
email message, the computer system comprising: 
a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 

parse the suspicious email message to identify a header portion of the suspicious 
email message, a body portion of the suspicious email message, and a uniform 
resource locator portion of the suspicious email message; 
analyze the header portion of the suspicious email message; 
analyze the body portion of the suspicious email message; 
analyze investigate the uniform resource locator portion of the suspicious email 
message; and 

categorize the suspicious email message as a possibly fraudulent email message. 
message; 

wherein the instructions executable to investigate the uniform resource locator 
comprise instructions to: 
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download at least one web page from the server referenced by the uniform 

resource locator; and 
analyze the at least one web page to determine whether the at least one web 

page comprises a data collection mechanism for allowing a user to provide 

personal information to the server referenced by the at least one uniform 

resource locator. 

6. (Original) A computer system for analyzing a suspicious email message 
as recited in claim 5, wherein the instructions are further executable by the processor to: 

based on the analysis of the header portion of the email message, assign a score to the header 

portion of the suspicious email message; 
compare the score assigned to the header portion of the suspicious email message with a 

threshold score for the header portion of the suspicious email message; 
based on the analysis of the body portion of the suspicious email message, assign a score to 

the body portion of the suspicious email message; 
compare the score assigned to the body portion of the suspicious email message with a 

threshold score for the body portion of the suspicious email message; and 
based on the analysis of the uniform resource locator portion of the suspicious email 

message, assign a score to the uniform resource locator portion of the suspicious email 

message. 

7. (Original) A computer system for analyzing a suspicious email message 
as recited in claim 6, wherein the computer readable medium comprises further instructions 
executable by the processor to: 

compare the score assigned to the uniform resource locator portion of the suspicious email 
message with a threshold score for the uniform resource locator portion of the suspicious 
email message; and 

based on the comparison of the score assigned to the uniform resource locator portion of the 
suspicious email message and the threshold score for the uniform resource locator portion 
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of the suspicious email message, categorize the suspicious email message as a possibly 
fraudulent email message. 

8. (Original) A computer system for analyzing a suspicious email message 
as recited in claim 6, wherein the computer readable medium comprises further instructions 
executable by the processor to: 

compute a composite score based on the score assigned to the header portion of the 

suspicious email message, the score assigned to the body portion of the suspicious email 
message and the score assigned to the uniform resource locator portion of the suspicious 
email message; 

assign the composite score to the suspicious email message; 

compare the composite score assigned to the suspicious email message with a threshold 

composite score for the suspicious email message; and 
based on the comparison of the composite score assigned the suspicious email message and 

the threshold score for the suspicious email message, categorize the suspicious email 

message as a possibly fraudulent email message. 

9. (Currently Amended) A computer system for investigating a suspicious 
uniform resource locator to determine whether a server referenced by the uniform resource 
locator may be involved in fraudulent activity, the computer system comprising: 

a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 

ascertain an address associated with a server referenced by the uniform resource 
locator; 

obtain information about an address the uniform resource locato r appears purports to 

reference; reference but actually does not reference; 
compare the ascertained address associated with the information about the address the 

uniform resource locato r appears purports to reference; and 
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based on the comparison of the ascertained address and the information about the 
address the uniform resource locato r purports appears to reference, determine 
whether the uniform resource locator is fraudulent. 

10. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein computer readable medium comprises further 
instructions executable to interrogate the server referenced by the uniform resource locator. 

1 1 . (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein computer readable medium comprises further 
instructions executable to generate an event report. 

12. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 10, wherein interrogating the server referenced by the 
uniform resource locator comprises: 

downloading at least one web page from the server referenced by the uniform resource 
locator; and 

analyzing the at least one web page to determine whether the at least one web page 
comprises a field for allowing a user to provider personal information to the server 
referenced by the at least one uniform resource locator. 

13. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 10, wherein interrogating the server referenced by the 
uniform resource locator comprises: 

examining the server for vulnerabilities that indicate the server possible has been 
compromised. 

14. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein ascertaining an address associated with the server 
referenced by the uniform locator comprises tracing a route to the server referenced by the 
uniform resource locator. 
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15. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein obtaining information about an address the 
uniform resource locator appears to reference comprises parsing an anchor associated with the 
uniform resource locator to identify an apparent address for a server referenced by the uniform 
resource locator. 

16. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 15, wherein obtaining information about an address the 
uniform resource locator appears to reference further comprises obtaining WHOIS information 
about the apparent address for the server referenced by the uniform resource locator. 

17. (Original) A computer system for investigating a suspicious uniform 
resource locator as recited in claim 9, wherein obtaining information about an address the 
uniform resource locator appears to reference comprises parsing an anchor associated with the 
uniform resource locator to identify a trusted entity apparently referenced by the uniform 
resource locator. 

18. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information, the computer system comprising: 

a processor; and 

a computer readable medium in communication with the processor, the computer readable 
medium comprising instructions executable by the processor to: 
download a web page from a suspicious server; 

parse the web page to identify at least one field into which a user may enter personal 
information; 

analyze the at least one field to identify a type of information requested by the at least 
one field; 

generate a set of safe data comprising personal information associated with a 
fictitious entity; 
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based on an analysis of the at least one field, select at least a portion of the set of safe 
data comprising the type of information requested by the at least one field; 

format a response to the web page, the response including the portion of the safe data 
comprising the type of information requested by the at least one field; and 

transmit the response to the web page for reception by the suspicious server. 

19. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 18, wherein analyzing the at least one field to 
identify a type of information requested by the field comprises interpreting a label associated 
with the at least one field. 

20. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 1 8, wherein the set of safe data is associated with 
a financial account, and wherein the computer readable medium comprises further instructions 
executable by the processor to: 

monitor the financial account for an account activity evidencing a use of information 

obtained from the set of safe data; and 
trace the account activity to identify an entity using the information obtained from the set of 
safe data. 

21 . (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 18, wherein the computer readable medium 
comprises further instructions executable by the processor to: 

generate a plurality of sets of safe data, each of the sets of safe data comprising personal 

information associated with a fictitious entity; 
based on an analysis of the at least one field, select at least a portion of each of the sets of 

safe data responsive to the at least one field; 
format a plurality of responses to the web page, each of the plurality of response including 

the portion of one of the sets of safe data, each of the portions of one of the sets of safe 

data being responsive to the at least one field; and 
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transmit the plurality of responses to the web page for reception by the suspicious server. 

22. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 2 1 , wherein the computer readable medium 
comprises further instructions executable by the processor to: 

transmit for reception by the suspicious server a number of responses to the web page 
sufficient to cause a recipient of the responses to be uncertain which of a plurality of 
responses include valid personal information. 

23. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 2 1 , wherein the computer readable medium 
comprises further instructions executable by the processor to: 

transmit for reception by the suspicious server a number of responses to the web page 

sufficient to indicate that the fraudulent attempt to collect personal information has been 
discovered. 

24. (Original) A computer system for responding to a fraudulent attempt to 
collect personal information as recited in claim 21, wherein the computer readable medium 
comprises further instructions executable by the processor to: 

transmit for reception by the suspicious server a number of responses to the web page 

sufficient to prevent the suspicious server from receiving any responses comprising valid 
personal information. 

25. (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a system for combating online fraud, the system comprising: 

a monitoring center for monitoring a suspicious email activity, the monitoring center 

comprising a first computer, the first computer including instructions executable by the 
first computer to allow the analysis of the suspicious email activity and the initiation of a 
response to the suspicious email activity; 
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a second computer in communication with the monitoring center, the second computer 
including instructions executable by the second computer to: 

gather an incoming email message addressed to at least one bait email address that 
has been seeded at a location on a computer network likely to be a target for a 
third party attempting to harvest email addresses, the incoming email message 
including a uniform resource locator configured to direct a recipient of the 
incoming email message to a web site referenced by the uniform resource locator; 
and 

a third computer in communication with the second computer and further in communication 
with the monitoring center, the third computer including instructions executable by the 
third computer to: 

analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email 

message as a fraudulent email message; 
investigate the uniform resource locator included with the incoming email message to 
determine information about a server hosting the web site referenced by the 
uniform resource locator; and 
prepare a report comprising at least some of the information about the server hosting 

the web site referenced by the uniform resource locator, locator; 
wherein the instructions executable to investigate the uniform resource locator 
comprise instructions to: 

download at least one web page from the server referenced by the uniform 

resource locator; and 
analyze the at least one web page to determine whether the at least one web 
page comprises a data collection mechanism for allowing a user to provide 
personal information to the server referenced by the at least one uniform 
resource locator. 
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26. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to notify 
the customer that a fraudulent email message has been received. 

27. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to 
analyze the suspicious email activity. 

28. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to allow 
a technician to analyze the suspicious email activity. 

29. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer and the second computer are the same computer. 

30. (Original) A system for combating online fraud as recited in claim 25, 
wherein the second computer and the third computer are the same computer. 

3 1 . (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to allow 
a technician to initiate an administrative response against an operator of the server. 

32. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to 
pursue an administrative response against an operator of the server. 

33. (Original) A system for combating online fraud as recited in claim 25, 
wherein the first computer includes further instructions executable by the first computer to allow 
a technician to initiate a technical response against an operator of the server hosting the web site 
referenced by the uniform resource locator. 
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34. (Original) A system for combating online fraud as recited in claim 33, the 
system further comprising a set of at least one computer, each computer of the set of at least one 
computer including instructions executable by that computer to pursue a technical response 
against the server. 

35. (Original) A system for combating online fraud as recited in claim 34, 
wherein the set of at least one computer comprises a plurality of computers, such that pursuing a 
technical response against the server comprises pursuing a distributed technical response against 
the server. 

36. (Currently Amended) A computer readable medium comprising a 
computer software application including instructions that4s are executable by a computer to: 

create at least one safe account, the at least one safe account being associated with at least 

one bait email address; 
seed the at least one bait email address at a location on a computer network, the location 

being a likely target for a third party attempting to harvest email addresses; 
gather an incoming email message addressed to the at least one bait email address, the 

incoming email message including a uniform resource locator configured to direct a 

recipient of the incoming email message to a web site referenced by the uniform resource 

locator; 

analyze the incoming email message; 

based on an analysis of the incoming email message, categorize the incoming email message 

as a possibly fraudulent email message; 
investigate the uniform resource locator included with the incoming email message to 

determine information about a server hosting the web site referenced by the uniform 

resource locator; 

prepare a report comprising at least some of the information about the server hosting the web 

site referenced by the uniform resource locator; and 
allow an analysis of the report to determine whether the server is likely to attempt to 
fraudulently collect personal information, information; 
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wherein the instructions executable to investigate the uniform resource locator comprise 
instructions to: 

download at least one web page from the server referenced by the uniform resource 
locator; and 

analyze the at least one web page to determine whether the at least one web page 
comprises a data collection mechanism for allowing a user to provide personal 
information to the server referenced by the at least one uniform resource locator. 

37. (Currently Amended) A computer software applicatio n readable medium 
as recited in claim 36, wherein the computer software application^ furthe r comprises 
instructions executable by a computer to analyze the report to determine whether the server is 
likely to attempt to fraudulently collect personal information. 

38. (Currently Amended) A compute r softwar e application readable medium 
as recited in claim 36, wherein the computer software application^ furthe r comprises 
instructions executable by a computer to allow a technician to initiate an action in response to a 
fraudulent attempt by the server to collect personal information. 

39. (Currently Amended) A computer software application readable medium 
as recited in claim 36, wherein the computer software application^ furthe r comprises 
instructions by a computer to pursue an action in response to a fraudulent attempt by the server 
to collect personal information. 

40. (Currently Amended) A computer software applicatio n readable medium 
as recited in claim 36, wherein the computer software application comprises a plurality of 
interoperable software modules, such that each of the plurality of interoperable software modules 
is executable by a different computer. 

41. (Canceled) 

42. (Canceled) 
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43. (Currently Amended) In a relationship between a fraud protection 
provider and a customer, a method of combating online fraud, the method comprising: 

creating at least one safe account, the at least one safe account being associated with at least 
one bait email address; 

seeding the at least one bait email address at a location on a computer network, the location 
being a likely target for a third party attempting to harvest email addresses; 

gathering an incoming email message addressed to the at least one bait email address, the 
incoming email message including a uniform resource locator configured to direct a 
recipient of the incoming email message to a web site referenced by the uniform resource 
locator; 

analyzing the incoming email message; 

based on an analysis of the incoming email message, categorizing the incoming email 

message as a fraudulent email message; 
investigating the uniform resource locator included with the incoming email message to 

determine information about a server hosting the web site referenced by the uniform 

resource locator; 

preparing a report comprising at least some of the information about the server hosting the 

web site referenced by the uniform resource locator; 
analyzing the report to determine whether the server is engaged in a fraudulent attempt to 

collect personal information; and 
taking an action to respond to the fraudulent attempt to collect personal information. 

information; 

wherein investigating the uniform resource locator comprises: 

downloading at least one web page from the server referenced by the uniform 

resource locator; and 
analyzing the at least one web page to determine whether the at least one web page 
comprises a data collection mechanism for allowing a user to provide personal 
information to the server referenced by the at least one uniform resource locator. 
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44. (Original) A method of combating online fraud as recited in claim 43, 
wherein the bait email address is seeded at a location selected from the group consisting of a 
domain registration record, a newsgroup, an electronic mailing list, an electronic customer list, 
an online chat room, an online message board and a list of active email addresses. 

45. (Original) A method of combating online fraud as recited in claim 43, 
wherein the incoming email message purports to be from the customer. 

46. (Original) A method of combating online fraud as recited in claim 45, 
wherein the method further comprises establishing a customer profile for the customer, wherein 
the customer profile includes instructions governing how an attempted online fraud should be 
handled, and wherein taking an action to respond the fraudulent collection of personal 
information comprises consulting the customer profile to determine which of a plurality of 
actions to take to respond to the fraudulent collection of personal information by the server. 

47. (Original) A method of combating online fraud as recited in claim 45, 
wherein taking an action to respond to the fraudulent collection of personal information by the 
server comprises notifying the customer of the fraudulent attempt to collect personal 
information. 

48. (Original) A method of combating online fraud as recited in claim 43, 
wherein taking an action to respond to a fraudulent attempt by the server to collect personal 
information comprises pursuing an administrative response against an operator of the server. 

49. (Original) A method of combating online fraud as recited in claim 48, 
wherein pursuing an administrative response against an operator of the server comprises 
notifying an Internet service provider associated with the server that the server is engaged in a 
fraudulent activity. 

50. (Original) A method of combating online fraud as recited in claim 43, 
wherein the information about the server indicates that the server has been used compromised in 
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a fraudulent attempt to collect personal information, and wherein taking an action to respond to a 
fraudulent attempt by the server to collect personal information comprises notifying an operator 
of the server that the server has been compromised. 

5 1 . (Canceled) 

52. (Canceled) 

53. (Currently Amended) A method of combating online fraud as recited in 
claim-S-h 43, wherein taking an action to respond to a fraudulent attempt by the server to collect 
personal information comprises pursuing a technical response against the server. 

54. (Original) A method of combating online fraud as recited in claim 53, 
wherein pursuing a technical response against the server comprises providing fictitious personal 
information to the server, and wherein the fictitious personal information is formatted to be 
responsive to the at least one field for providing personal information to a web page hosted by 
the server. 

55. (Original) A method of combating online fraud as recited in claim 54, 
wherein the fictitious personal information provided to the server comprises a traceable 
identifier, and wherein pursuing a technical response against the server comprises tracing a use 
of the traceable identifier. 

56. (Original) A method of combating online fraud as recited in claim 55, 
wherein the traceable identifier comprises an account identifier for a financial account associated 
with the customer. 

57. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises providing sufficient fictitious 
personal information to impede the use of any valid personal information received by the server. 
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58. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises providing sufficient fictitious 
personal information to notify an operator of the server that the attempt to fraudulently collect 
personal information has been discovered. 

59. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises providing fictitious personal 
information at a rate sufficient to impede the server's ability to receive personal information from 
any other sources. 

60. (Original) A method of combating online fraud as recited in claim 54, 
wherein pursuing a technical response against the server comprises transmitting the fictitious 
personal information from a plurality of computers. 

61 . (Currently Amended) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locato r included with tho incoming email 
message to dotormino information about a sorvor hosting the - wob site rcforoncod by the uniform 
resource locator further comprises accessing a set of WHOIS information about an apparent 
address referenced by the uniform resource locator. 

62. (Currently Amended) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locato r included with the incoming email 
message to dotormino information about a sorvor hosting tho wob site referenced by tho uniform 
resource locator further comprises ascertaining an Internet Protocol address referenced by the 
uniform resource locator. 

63. (Currently Amended) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locato r included with tho incoming email 
message to determine information about a server hosting the web site referenced by the uniform 
resource locator further comprises interrogating the server hosting the web site referenced by the 
uniform resource locator. 
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64. (Currently Amended) A method of combating online fraud as recited in 
claim 43, wherein investigating the uniform resource locato r included with the incoming email 
message to determine information about a server hosting the web site referenced by the uniform 
resource locator further comprises tracing a network route to the server. 

65. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises analyzing a header portion of the 
incoming email message. 

66. (Original) A method of combating online fraud as recited in claim 65, 
wherein analyzing a header portion of the incoming email message comprises determining 
whether the incoming message is a spoofed message. 

67. (Original) A method of combating online fraud as recited in claim 65, 
wherein analyzing a header portion of the incoming email message comprises determining 
whether the incoming email message originates from a suspicious Internet domain. 

68. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises analyzing a body portion of the 
incoming email message. 

69. (Original) A method of combating online fraud as recited in claim 68, 
wherein analyzing a body portion of the incoming message comprises searching the body portion 
of the incoming message for strings indicating that the incoming message may be part of an 
attempt to fraudulently collect personal information. 

70. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises analyzing a uniform resource locator 
included in the incoming email message. 



Page 19 of 29 



Appl. No. 10/709,398 PATENT 

Amdt. dated September 12, 2008 

Reply to Office Action of March 13, 2008 

71 . (Original) A method of combating online fraud as recited in claim 70, 
wherein analyzing a uniform resource locator included in the incoming email message comprises 
determining whether the uniform resource locator references a suspicious Internet location. 

72. (Original) A method of combating online fraud as recited in claim 43, 
wherein analyzing the incoming email message comprises assigning a score to the incoming 
email message. 

73. (Original) A method of combating online fraud as recited in claim 72, 
wherein analyzing the incoming email message further comprises comparing the assigned score 
with a threshold score. 

74. (New) A system for combating online fraud as recited in claim 1, wherein 
the web page comprises a form and the data collection mechanism comprises one or more fields 
on the form. 



Page 20 of 29 



